Invite fails on Linux mint client

Using Zrok latest version get this:

zrok invite --token (use token) (base)
[WARNING]: unable to open zrokdir metadata; ignoring

there was a problem creating an invitation!

you are trying to use the zrok service at: https://api.zrok.io

should you be using a --token? check with your instance administrator!

you can change your zrok service endpoint using this command:

$ zrok config set apiEndpoint

(where newEndpoint is something like: https://some.zrok.io)

[ERROR]: error creating zrok api client (error getting version from api endpoint ‘https://api.zrok.io’: Get “https://api.zrok.io/api/v1/version”: net/http: TLS handshake timeout: Get “https://api.zrok.io/api/v1/version”: net/http: TLS handshake timeout)

Hi @krionical, thanks for trying out zrok and welcome to the community.

I’m a bit confused as to the actual problem. Have you already emailed and asked for a beta token and are trying to connect via linux mint? That’s what I assume? You’re not trying to invite yourself, right? You have gotten a token emailed back to you?

I don’t know of any reason why Mint would be ‘special’. The TLS handshake timeout is definitely strange and unexpected. You shouldn’t need to set the apiEndpoint for zrok.io

Can you just clarify what the problem is?

Yeah sure. So I emailed and received a token because I kept getting the handshake error. Then I tried to register with the token and got a timeout for the handshake just as I did when I tried to request. I am guessing the TLS handshake is the real culprit, since I had trouble with it at both steps, but mentioned the distro since usually git bug reports want to know the distro. (Force of habit)

Can you access https://api.zrok.io in a browser? Does it show up as a valid site or does it tell you that it’s “not trusted”? You SHOULD see a valid certificate from AWS with this chain:
image

It’s possible Mint doesn’t have this CA in the operating system’s trust store.

Could you run this command and provide the output:

openssl s_client -connect api.zrok.io:443

example (and expected) output, only the last few lines shown:

    Start Time: 1676342701
    Timeout   : 7200 (sec)
    Verify return code: 0 (ok)
    Extended master secret: no

Start Time: 1676342809
Timeout : 7200 (sec)
Verify return code: 0 (ok)
Extended master secret: no

Yep. That’s fine.

Edit to include: The site is locked in the browser which means trusted and fine.

Well this is … unexpected… I’ll have to have a think over what this might be and figure out how to diagnose what is going wrong. Nothing comes immediately to mind… You don’t have any other VPN active I presume, right? nothing “person-in-the-middling” the connection?

Nope. No VPN is currently on or anything else I can think of that would “person in the middle” the connection.

can you run the command with --panic and --verbose and provide the output (with your token removed) please?

zrok invite --token --panic --verbose (base)
[WARNING]: unable to open zrokdir metadata; ignoring

enter and confirm your email address…

email
email

[Submit]

there was a problem creating an invitation!

you are trying to use the zrok service at: https://api.zrok.io

should you be using a --token? check with your instance administrator!

you can change your zrok service endpoint using this command:

$ zrok config set apiEndpoint

(where newEndpoint is something like: https://some.zrok.io)

[ERROR]: error creating invitation ([POST /invite][401] inviteUnauthorized)

This was my original problem where I emailed in to get a token…

Well, mysteriously, the email came through anyway, and I was able to complete the process so mark the mystery solved I guess! Thanks for the help. Maybe it just needed threatening.

Woah. Interesting. Seems almost transient. I’m glad it’s working but clearly you hit some kind of odd error there… Thanks for sticking with it!

1 Like

Zrok was version upgraded between problems and someone else reported my original issue so it might have been “stuck in limbo” for some reason I can’t completely identify but even though the post says failed the email came through so its a mixed bag but the outcome is “success”.

1 Like

Ah. That’s also good information. Thanks for that

1 Like